Consumers are upgrading their devices more often due to continuous advances in hardware.  Old devices need to be sanitized (i.e., personal data removed with low recovery probability) before selling, donating, throwing away, or recycling the device ("disposal"), but previous works have shown that users frequently fail to do that.  We aim to understand the sources of misconceptions that result in risks to personal data.  Through a survey (n=131), we measure where the old devices end up and how they are sanitized.  Our survey shows that while most users dispose of their devices, a large proportion of participants (73%) kept at least one old device, often due to data leakage concerns.  Among disposed-of devices, 25% of participants reported using methods to erase their data that are insecure.  To further explore the processes that were undertaken to sanitize devices and sources of misconception, we invite a subset of respondents (n=35) for interviews.  Our interviews uncover the reasons for poor device sanitizing practices - misleading data deletion interfaces and prompts, lack of knowledge, and complex and slow disk wiping procedures.  We provide suggestions for device manufacturers and retailers on how to improve privacy, trust, and convenience when sanitizing old devices.